xloader

General

Target

New_Purchase_Order.exe
Size

529KB
Sample

211102-hqyltabhc9
MD5

09cabc48e298881631e9fc256a748939
SHA1

7c9430cd7ff4cad1e8a75fb5e66c59226aba0202
SHA256

5b353b83719d0a2f4a9f5ad11894c5c2129ae67e28a1f8677150a03623ab21f9
SHA512

781225c0358ec55985ddc716879c1e889a4235cf4aec40ee07e1269799b1660b624e162f5a14f0adcbe5fc9528930f7a203b935f6fad8e6ac5436475ba13fa19

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

op08

C2

http://www.jjmpestman.com/op08/

Decoy

youva.online

bbyyn1.xyz

cuttizy.com

octoorder.com

empiredigitaldating.com

giuseppedelcampo.com

kingstons.info

kwanta.info

soulworkerrush.com

sookrit.com

flambeauxartpottery.com

360metaverse.online

adnilm.com

interiordesignhampshire.com

bitpaynumber.support

aliancafm.com

tivohub.xyz

xn--ucy193f.com

smartmapom.com

thelifeofrileyelizabeth.com

Targets

- Target
  
  New_Purchase_Order.exe
- Size
  
  529KB
- MD5
  
  09cabc48e298881631e9fc256a748939
- SHA1
  
  7c9430cd7ff4cad1e8a75fb5e66c59226aba0202
- SHA256
  
  5b353b83719d0a2f4a9f5ad11894c5c2129ae67e28a1f8677150a03623ab21f9
- SHA512
  
  781225c0358ec55985ddc716879c1e889a4235cf4aec40ee07e1269799b1660b624e162f5a14f0adcbe5fc9528930f7a203b935f6fad8e6ac5436475ba13fa19
Score

10^/10

xloader op08 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2